From 262e505ef7239e91b33b1a4be7a6928070197189 Mon Sep 17 00:00:00 2001
From: Liam Murphy
Date: Mon, 8 Aug 2022 21:54:46 +1000
Subject: [PATCH] Support configure via the Vendor interface (#524)
* Support configure via the Vendor interface
* Adjust tests now that GetInfo is supported on vendor_hid
* Add test for vendor_hid not supporting FIDO command
---
 deploy.py | 6 +-----
 src/ctap/mod.rs | 26 +++++++++++++++++++++++---
 tools/configure.py | 16 ++++++++++++++++
 3 files changed, 40 insertions(+), 8 deletions(-)
diff --git a/deploy.py b/deploy.py
index 10022f0..5759d90 100755
--- a/deploy.py
+++ b/deploy.py
@@ -755,6 +755,7 @@ class OpenSKInstaller:
 certificate=self.args.config_cert,
 priv_key=self.args.config_pkey,
 lock=self.args.lock_device,
+ use_vendor_hid="vendor_hid" in self.args.features,
 ))
 if not configure_response:
 return None
@@ -875,11 +876,6 @@ class OpenSKInstaller:
 "configured yet.")
 return 0
- if "vendor_hid" in self.args.features:
- # vendor_hid as a work in progress and is not compatible with configure
- # mode.
- return 0
-
 # Perform checks if OpenSK was flashed.
 if self.args.application != "ctap2":
 return 0
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index dbad9b8..1cc1b03 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -714,6 +714,7 @@ impl CtapState {
 }
 Command::AuthenticatorVendorUpgrade(params) => self.process_vendor_upgrade(env, params),
 Command::AuthenticatorVendorUpgradeInfo => self.process_vendor_upgrade_info(env),
+ Command::AuthenticatorGetInfo => self.process_get_info(env),
 _ => Err(Ctap2StatusCode::CTAP1_ERR_INVALID_COMMAND),
 }
 }
@@ -3865,8 +3866,7 @@ mod test {
 }
 #[test]
- #[cfg(feature = "vendor_hid")]
- fn test_main_hid() {
+ fn test_get_info_command() {
 let mut env = TestEnv::new();
 let mut ctap_state = CtapState::new(&mut env, CtapInstant::new(0));
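Review bot: The added `Command::AuthenticatorGetInfo` arm in src/ctap/mod.rs (hunk `@@ -714,6 +714,7 @@`) is the only non-vendor command in what appears to be the vendor-channel dispatch, and nothing in the code says why it is exempt from the `CTAP1_ERR_INVALID_COMMAND` catch-all. A comment on the arm would keep the allow-list intentional, for example `// GetInfo is permitted here so host tools can identify the device over the vendor interface; all other FIDO commands stay rejected.` It is also worth confirming that nothing `process_get_info` reports is meant to be reachable only through the FIDO interface, since host-side access controls for the two HID usage pages can differ. The enclosing function starts and ends outside the hunk.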
@@ -3880,9 +3880,29 @@ mod test {
 response,
 Ok(ResponseData::AuthenticatorGetInfo(_))
 ));
+ #[cfg(feature = "vendor_hid")]
+ {
+ let response = ctap_state.process_parsed_command(
+ &mut env,
+ Command::AuthenticatorGetInfo,
+ VENDOR_CHANNEL,
+ CtapInstant::new(0),
+ );
+ assert!(matches!(
+ response,
+ Ok(ResponseData::AuthenticatorGetInfo(_))
+ ));
+ }
+ }
+
+ #[test]
+ #[cfg(feature = "vendor_hid")]
+ fn test_vendor_hid_does_not_support_fido_command() {
+ let mut env = TestEnv::new();
+ let mut ctap_state = CtapState::new(&mut env, CtapInstant::new(0));
 let response = ctap_state.process_parsed_command(
 &mut env,
- Command::AuthenticatorGetInfo,
+ Command::AuthenticatorGetNextAssertion,
 VENDOR_CHANNEL,
 CtapInstant::new(0),
 );
diff --git a/tools/configure.py b/tools/configure.py
index f79e835..76210a0 100755
--- a/tools/configure.py
+++ b/tools/configure.py
@@ -23,6 +23,7 @@ import argparse
 import getpass
 import datetime
 import sys
+from unittest.mock import patch
 import uuid
 import colorama
@@ -125,7 +126,15 @@ def main(args):
 length=32, byteorder="big", signed=False)
 }
+ patcher = None
+ if args.use_vendor_hid:
+ patcher = patch.object(hid.base, "FIDO_USAGE_PAGE", 0xFF00)
+ patcher.start()
+ info("Using the Vendor HID interface")
+
 devices = get_opensk_devices(args.batch)
+ if patcher:
+ patcher.stop()
 responses = []
 if not devices:
 fatal("No devices found.")
@@ -202,4 +211,11 @@ if __name__ == "__main__":
 "This command can fail if the certificate or the private key "
 "haven't been both programmed yet."),
 )
+ parser.add_argument(
+ "--use-vendor-hid",
+ default=False,
+ action="store_true",
+ dest="use_vendor_hid",
+ help=("Whether to configure the device using the Vendor HID interface"),
+ )
 main(parser.parse_args())
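Review bot: In `test_vendor_hid_does_not_support_fido_command` (src/ctap/mod.rs, hunk `@@ -3880,9 +3880,29 @@`), `Command::AuthenticatorGetNextAssertion` is a weak probe for channel separation, because with no preceding GetAssertion it would presumably be refused on the main channel as well. The assertion sits outside this hunk, so it is not visible whether it pins the exact status; it should read `assert_eq!(response, Err(Ctap2StatusCode::CTAP1_ERR_INVALID_COMMAND));` rather than match any error. Sending a second stateless command on `VENDOR_CHANNEL`, such as `Command::AuthenticatorReset` if that variant takes no parameters here, would also guard the allow-list against arms being added by mistake later.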
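Review bot: The usage-page override in tools/configure.py `main` (hunk `@@ -125,7 +126,15 @@`, with its import in `@@ -23,6 +23,7 @@`) is started and stopped by hand, so an exception from `get_opensk_devices` leaves `hid.base.FIDO_USAGE_PAGE` patched; a `with patch.object(...)` block scopes it to enumeration only. Overriding a library constant through `unittest.mock` in a provisioning tool is also fragile across library updates and deserves a comment saying why it is needed. Since 0xFF00 is a generic vendor-defined page and this tool goes on to send the certificate and private key to whatever is enumerated, please confirm that `get_opensk_devices` (body outside the hunk) still filters on the expected vendor and product identifiers. `main` starts and ends outside the hunk.

```python
# … unchanged: certificate / private-key payload built above …
if args.use_vendor_hid:
  info("Using the Vendor HID interface")
  # Scope the usage-page override to device enumeration only, and
  # restore it even if enumeration raises.
  with patch.object(hid.base, "FIDO_USAGE_PAGE", 0xFF00):
    devices = get_opensk_devices(args.batch)
else:
  devices = get_opensk_devices(args.batch)
# … unchanged: responses = [] and the "No devices found." check …
```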
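Review bot: The help text for `--use-vendor-hid` in tools/configure.py (hunk `@@ -202,4 +211,11 @@`) does not say that the flag only works against firmware built with the `vendor_hid` feature, which is the condition deploy.py uses to set it; without that the user just gets "No devices found.". Something like `help="Configure over the Vendor HID interface (requires firmware built with the vendor_hid feature)."` would document it. As a style point, `default=False` and `dest="use_vendor_hid"` repeat what `action="store_true"` and the flag name already imply and could be dropped.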